VA Scan remediation - HSTS Missing From HTTPS Server (RFC 6797)
We are trying to remediate the VA scan vulnerability "HSTS Missing From HTTPS Server (RFC 6797)".
We tried adding the lines below to our web.xml inside the /conf folder.
    <filter>
        <filter-name>Strict-Transport-Security</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>hstsEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>hstsMaxAgeSeconds</param-name>
            <param-value>31536000</param-value>
        </init-param>
        <init-param>
            <param-name>hstsIncludeSubDomains</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Strict-Transport-Security</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
but we encountered an issue when navigating to Pega Designer Studio.
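
An added example, not part of the original post: a small checker that parses the `Strict-Transport-Security` value by the RFC 6797 rules and compares it with the values configured above, so the remediation can be verified before the next scan. It also reports `X-Frame-Options` and `X-Content-Type-Options`, which `HttpHeaderSecurityFilter` can add alongside HSTS; the function names and the two sample responses are constructed for illustration.

```python
import re

# Values taken from the filter configuration in the post above.
EXPECTED_MAX_AGE = 31536000
EXPECTED_INCLUDE_SUBDOMAINS = True

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.

    Returns (max_age, include_subdomains), or None when the value is
    invalid and a browser would ignore the header.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted
        name, _, raw = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a repeated directive invalidates the header
        seen[name] = raw.strip().strip('"')  # value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is required and must be delta-seconds
    return int(seen["max-age"]), "includesubdomains" in seen

def check_response(headers):
    """Return a list of findings for one HTTPS response's headers (a dict)."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    policy = parse_hsts(lower.get("strict-transport-security", ""))
    if policy is None:
        findings.append("HSTS missing or invalid")
    else:
        max_age, subdomains = policy
        if max_age < EXPECTED_MAX_AGE:
            findings.append(f"max-age {max_age} below configured {EXPECTED_MAX_AGE}")
        if EXPECTED_INCLUDE_SUBDOMAINS and not subdomains:
            findings.append("includeSubDomains not set")
    # Other headers HttpHeaderSecurityFilter can add; report them for review.
    for name in ("x-frame-options", "x-content-type-options"):
        if name in lower:
            findings.append(f"also present: {name}: {lower[name]}")
    return findings

# Constructed sample responses (not captured from a real server).
BEFORE = {"Content-Type": "text/html"}
AFTER = {"Strict-Transport-Security": "max-age=31536000;includeSubDomains",
         "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff"}
```

Feed `check_response` the headers of a response fetched over HTTPS; RFC 6797 tells browsers to ignore the header when it arrives over plain HTTP.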